Abstract

In this paper, a dormant k-out-of-n systems redundancy calculation will be introduced. Dormant failure is a failure that 
cannot be detected when it occurs because of the nature of the failure characteristic. Therefore, a dormant failure 
becomes the blind point to the design for reliability and maintainability because of its inability to be detected. The most 
popular approach in detecting a dormant failure is to carry out a scheduled periodic inspection, test or maintenance 
activity. The scheduled periodic maintenance is applied to prevent and reduce the unexpected dormant failures that 
could lead to safety consequences, or costly corrective maintenance. This paper will introduce a methodology on how 
to calculate the reliability parameter such as Mean Time Between Failure (MTBF) for the dormant k-out-of-n redundant 
systems. The mathematical relationship between the effective MTBF and the scheduled periodic 
inspection/maintenance interval is also elaborated. Case studies are adopted to illustrate how to apply the developed 
reliability calculation methodology in the mass transit train reliability and safety design. 
1. Introduction 

In a k-out-of-n redundant system, the unit failure can be classified into two categories: detectable 
and non-detectable. A detectable failure is a failure that is detected and/or annunciated when it 
occurs. In mass transit train subsystems and units, electrical, hydraulic and pneumatic subsystem 
failures are mostly detectable failures and are usually monitored by the train on-board 
health monitoring system. When such a failure occurs, the train on-board health monitoring 
system can detect the degradation and abnormal condition and subsequently annunciate an alarm 
to the train operation control center. The train operation control center will take corrective actions 
to manage these failures. A non-detectable failure is a failure which is not detected and/or 
annunciated when it occurs. A non-detectable failure is also called a passive failure or 
dormant failure in some standards and documentation. The most effective approach to detect a 
passive or dormant failure is to carry out a scheduled periodic inspection or test. 
The implementation of Failure Mode, Effects and Criticality Analysis (FMECA) or Failure Mode 
Effect Analysis (FMEA) can be utilized to identify the detection method of the failure mode. If a 
failure mode is identified as a dormant failure, then a scheduled periodic inspection or test is 
required as a mitigating action to detect these types of failures. In this paper, a reliability 
calculation method is introduced to determine the relationship between the effective Mean Time 
Between Failure (MTBF) and the scheduled periodic inspection interval for the k-out-of-n 
redundant system. The study indicates that the shorter the scheduled periodic inspection interval, 
the greater the effective MTBF; conversely, the longer the scheduled periodic inspection interval, 
the smaller the effective MTBF. This paper starts with the introduction of the reliability 
calculation methodology for the k-out-of-n redundant system which is periodically maintained. 
Then the study proceeds to apply the developed calculation methodology in the brake discount 
calculation for the safe stopping distance analysis in the Sao Paulo Monorail. The conclusion and 
boundary are summarized at the end of this paper. 

In reference Klion (1977), systems periodically maintained were introduced. In reference Military 
standard (1980), failure mode, effects and criticality analysis was introduced. In reference IEEE 
standard (1999), the safe train separation and typical safe braking model were introduced. In 
reference Vintr et al. (2003), preventive maintenance optimization on the basis of operating data 
analysis was presented. In reference Military Standard (2005), the Binomial distribution was 
introduced. In reference Tutt et al. (2009) and (2012), risk-informed preventive maintenance 
optimization was presented. In reference Babishin et al. (2016), maintenance inspection 
optimization of the k-out-of-n redundant system was presented. In reference Guo et al. (2016), 
optimization of the preventive maintenance interval on the aircraft indicators was presented. 

2. Reliability Calculation Methodology for the Redundant Systems Periodically 
Maintained 

In this section, a redundancy calculation approach is introduced for a system which is periodically 
inspected and maintained. The mass transit trains encompass various electrical and mechanical 
subsystems. Most of the failures that occur in the electrical subsystems are usually detectable and 
annunciate with an alarm to the train on board health monitoring system. Notwithstanding, some 
of the failures that occur in the mechanical subsystem are dormant and cannot be detected. For 
example, a brake caliper stuck in the release position is considered as a dormant failure, the 
failure cannot be detected until the next scheduled inspection. For the subsystems with a potential 
dormant failure, a maintenance team will visit these subsystems at every predetermined interval 
and repair all occurred failures. 

If we define T as the predetermined maintenance interval or unattended period of operation, and 
define $f(t)$ as the failure density function, then the probability that the system will be on at the end of T is

$$R(T) = 1 - \int_0^T f(t)\,dt.$$


If the system is still operating at T, then the operating time for the system is T. If the system fails 
at t in (0, T), then the operating time for the system is t. Therefore, the average uninterrupted 
operating time of a system in (0, T), $T_{au}$, is given by 

$$T_{au} = T R(T) + \int_0^T t f(t)\,dt = T R(T) + \Big[t\big(1 - R(t)\big)\Big]_0^T - \int_0^T \big(1 - R(t)\big)\,dt = \int_0^T R(t)\,dt \tag{1}$$

It is possible for a system to fail before the first cycle (0, T) is completed or it is possible that the 
system will not fail until the Nth cycle is completed. Therefore, if we had a large number of such 
systems (X) in the field and intended to maintain these X systems over a long time period: 

$R(T)$ = proportion of systems surviving the first cycle with no failure 
$R(T)^2$ = proportion of systems surviving the second cycle with no failure 
$R(T)^3$ = proportion of systems surviving the third cycle with no failure 

and, 
$R(T)^N$ = proportion of systems surviving the first N cycles with no failure. Therefore, of the original 
X systems: 

Cycle No. 
1    X systems would operate uninterruptedly for an average of $T_{au}$ hours each before failure 
2    $R(T)X$ systems would operate uninterruptedly for an additional $T_{au}$ hours 
3    $R(T)^2 X$ systems would operate uninterruptedly for an additional $T_{au}$ hours 
N    $R(T)^{N-1} X$ systems would operate uninterruptedly for an additional $T_{au}$ hours 


And the average uninterrupted operating time to first failure per system is 

$$\frac{T_{au}\left[X + R(T)X + R(T)^2 X + \cdots + R(T)^{N-1} X\right]}{X} = T_{au}\sum_{i=0}^{N-1} R(T)^i \tag{2}$$

$\sum_{i=0}^{N-1} R(T)^i$ is an infinite geometric series. R(T) is between 0 and 1. So the sum of this infinite 
geometric series is shown as the following equation. 

$$\sum_{i=0}^{N-1} R(T)^i = \frac{1 - [R(T)]^N}{1 - R(T)} \tag{3}$$

Since $[R(T)]^N < 1$, as N gets arbitrarily large, the above equation will be equal to $\frac{1}{1 - R(T)}$. 

Hence, the average uninterrupted operating time to the first failure, $T_{FF}$, is 

$$T_{FF} = \frac{T_{au}}{1 - R(T)} = \frac{\int_0^T R(t)\,dt}{1 - R(T)} \tag{4}$$


Where T represents the unattended period of operation or predetermined maintenance interval 
(i.e., every T hours a maintenance team visits the system and repairs all unit failures). 
Fig. 1. Relationship between Reliability Deterioration and Preventive Maintenance 

Fig. 1 shows that a system is restored to its original condition following preventive 
maintenance, i.e., “as good as new”. 

3. Reliability Calculation Methodology for k-out-of-n Systems Periodically 
Maintained 

In Table 6.2.1-2: Redundancy Equation for Calculation Reliability, System Reliability Toolkit 
published by Reliability Analysis Center, the reliability function R(t) for the k-out-of-n system is 
shown as the following equation: 

$$R(t) = \sum_{k=m}^{n} \frac{n!}{k!\,(n-k)!}\left(e^{-\lambda t}\right)^{k}\left(1 - e^{-\lambda t}\right)^{n-k} \tag{5}$$


Substitute equation (5) into the equation (4) to obtain: 


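$$\text{MTBF} = \frac{\displaystyle\int_0^T \sum_{k=m}^{n} \frac{n!}{k!\,(n-k)!}\left(e^{-\lambda t}\right)^{k}\left(1 - e^{-\lambda t}\right)^{n-k} dt}{\displaystyle 1 - \sum_{k=m}^{n} \frac{n!}{k!\,(n-k)!}\left(e^{-\lambda T}\right)^{k}\left(1 - e^{-\lambda T}\right)^{n-k}} \tag{6}$$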


In practice, after an enormous reliability calculation with a long time period, we have observed 
that the numerator of equation (6), $\int_0^T \sum_{k=m}^{n} \frac{n!}{k!\,(n-k)!}\left(e^{-\lambda t}\right)^{k}\left(1 - e^{-\lambda t}\right)^{n-k} dt$, is approximately equal to T. 

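Therefore equation (6) can be expressed as the following closed-form equation (7): 

$$\text{MTBF} = \frac{T}{\displaystyle 1 - \sum_{k=m}^{n} \frac{n!}{k!\,(n-k)!}\left(e^{-\lambda T}\right)^{k}\left(1 - e^{-\lambda T}\right)^{n-k}} \tag{7}$$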


The advantage to equation (7) compared with equation (6) is that we can save a lot of time by 
skipping the massive integral calculation and obtaining an approximated result. 
Equation (7) can also be expressed as: 

$$\text{MTBF} = \frac{T}{\displaystyle 1 - \sum_{k=m}^{n} \frac{n!}{k!\,(n-k)!}\,R(T)^{k}\left(1 - R(T)\right)^{n-k}} \tag{8}$$

where $R(T) = e^{-\lambda T}$ for the exponential distribution. 

3.1 Determining Effective MTBF for a Single Unit 

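For a single unit, the reliability function R(t) is $e^{-\lambda t}$ and the following MTBF equation can be 
applied: 

$$\text{MTBF} = \frac{\int_0^T e^{-\lambda t}\,dt}{1 - e^{-\lambda T}} = \frac{\frac{1}{\lambda}\left(1 - e^{-\lambda T}\right)}{1 - e^{-\lambda T}} = \frac{1}{\lambda} \tag{9}$$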


It is understood that MTBF is the reciprocal of the failure rate. The above equation also indicates 
that the inspection interval will not change the failure rate of a single unit configuration. 

3.2 Determining Effective MTBF for 1-out-of-2 Redundant Systems 

In Table 6.2.1-2: Redundancy Equation for Calculation Reliability, System Reliability Toolkit 
published by Reliability Analysis Center, the reliability function R(t) for the 1-out-of-2 redundant 
system is expressed as $2e^{-\lambda t} - e^{-2\lambda t}$, and therefore the effective MTBF can be calculated as: 

$$\text{MTBF} = \frac{\int_0^T \left(2e^{-\lambda t} - e^{-2\lambda t}\right)dt}{1 - \left(2e^{-\lambda T} - e^{-2\lambda T}\right)} \approx \frac{T}{1 - \left(2e^{-\lambda T} - e^{-2\lambda T}\right)} \tag{10}$$


It should be noted that the shorter the maintenance interval (T), the greater the effective MTBF; 
conversely, the longer the maintenance interval (T), the smaller the effective MTBF. We provide 
the following example to demonstrate this concept. 

For a repairable two unit redundant system with an identical constant failure rate $\lambda = 10^{-5}$ failure 
per hour, if the periodic maintenance interval is one month, then T = 1 month = 24×30 = 720 hours. 
Substituting T = 720 and $\lambda = 10^{-5}$ into equation (10): 

$$\text{MTBF} = \frac{\int_0^{720} \left(2e^{-0.00001 t} - e^{-2\times 0.00001 t}\right)dt}{1 - \left(2e^{-0.00001\times 720} - e^{-2\times 0.00001\times 720}\right)} \approx \frac{720}{1 - \left(2e^{-0.00001\times 720} - e^{-2\times 0.00001\times 720}\right)} = 13{,}988{,}949$$


If the periodic maintenance interval is extended to three months, then T = 720×3 = 2160 hours, and 

$$\text{MTBF} = \frac{\int_0^{2160} \left(2e^{-0.00001 t} - e^{-2\times 0.00001 t}\right)dt}{1 - \left(2e^{-0.00001\times 2160} - e^{-2\times 0.00001\times 2160}\right)} \approx \frac{2160}{1 - \left(2e^{-0.00001\times 2160} - e^{-2\times 0.00001\times 2160}\right)} = 4{,}729{,}810$$


The above calculation indicates that if the maintenance interval is stretched out from one month 
to three months, the effective MTBF will be roughly shortened to one third. 

4. Case Study-Brake Discount Calculation in Safe Braking Model 

Train collision is considered as one of the major safety concerns in the mass transit industry. 
Automatic Train Protection (ATP) is a dedicated system to prevent one train from colliding with 
the other train on the same line by means of maintaining a safe separation between trains. The 
safe separation (braking) distance analysis shall be based on braking capacity (dependent on 
weight), the gradient at the location concerned, the maximum possible speed of the trains using 
the section, the allowance for system reaction and a credible margin. The ATP profile shall be 
governed by a safe braking model shown in Fig. 2 and shall ensure that under no circumstances 
(including failures) the movement authority limit will be exceeded by an ATP equipped train. 
With respect to the safe braking model, a reliability engineer is required to analyze the brake 
failure case and determine the discounted brakes quantity. 



For the Bombardier developed platform monorail, a train is composed of two cars. A train 
consists of four brake axles; each braked axle is equipped with a single passive caliper and disc 
pair. Fig. 3 shows the brake axle configuration. 
Fig. 3. Brake axle configuration 

Each brake axle has a failure rate $\lambda$: $4.86 \times 10^{-6}$ failure per hour. The train mission time is 13.5 
hours per day. The brake supplier has recommended a three-month preventive maintenance for brake 
axles. 


4.1 Case Study 1: 1-out-of-4 Brake Axles Fails, 3 of 4 Brake Axles are working 

In this case study, we consider one of four brake axles fails, and the remaining three brake axles 
are still working normally. 


Substitute k = 3 (number of brake axles working in a train), n = 4 (total number of brake axles in a 
train), $\lambda$ = 4.86E-6 (failure rate of brake axle, unit: failure per hour), T = 3×30×13.5 = 1215 (three 
month maintenance interval × 30 days × daily mission, unit: hours) into equation (7): 

$$\text{MTBF} = \frac{1215}{\displaystyle 1 - \sum_{k=3}^{4} \frac{n!}{k!\,(n-k)!}\left(e^{-0.00000486\times 1215}\right)^{k}\left(1 - e^{-0.00000486\times 1215}\right)^{4-k}} = \frac{1215}{1 - \left[4 \times (0.9941)^3 (1 - 0.9941) + (0.9941)^4\right]} = 5{,}888{,}141$$


We convert the above calculated MTBF into the failure rate, and the reciprocal failure rate 
= 1.6983E-7 fph. In the mass transit reliability regime, the threshold for the improbable 
probability is 10E-9 fph, which means if the failure rate is lower than 10E-9 fph, it can be assumed 
that the occurrence of such a failure may not be experienced in the thirty-year life time. Because 
the failure rate for 1-out-of-4 brake axles is 1.6983E-7 fph, greater than 10E-9 fph, it can be 
concluded that one brake axle could fail in the monorail’s thirty-year life time. Therefore, one 
brake axle failure shall be considered in the safe braking model failure case. 

4.2 Case Study 2: 2-out-of-4 Brake Axles Fail, 2 of 4 Brake Axles are working 

In this case study, we consider the situation in which 2-out-of-4 brake axles fail, and the 
remaining two brake axles are still working. 

Substitute k = 2 (number of brake axles working in a train), n = 4 (total number of brake axles in a 
train), $\lambda$ = 4.86E-6 (failure rate of brake axle, unit: failure per hour), T = 3×30×13.5 = 1215 (three 
month maintenance interval × 30 days × daily mission, unit: hours) into equation (7): 

$$\text{MTBF} = \frac{1215}{\displaystyle 1 - \sum_{k=2}^{4} \frac{n!}{k!\,(n-k)!}\left(e^{-0.00000486\times 1215}\right)^{k}\left(1 - e^{-0.00000486\times 1215}\right)^{4-k}} = \frac{1215}{1 - \left[6 \times (0.9941)^2 (1 - 0.9941)^2 + 4 \times (0.9941)^3 (1 - 0.9941) + (0.9941)^4\right]} = 1{,}495{,}014{,}409$$


We convert the calculated MTBF into the failure rate, and the reciprocal failure rate =6.6889E-10 
fph. The failure rate for 2-out-of-4 brake axles failing is lower than 10E-9 fph, thus it can be 
concluded that two brake axles failing simultaneously in [0, 1215 hours] could not be experienced 
in the monorail’s thirty-year life time. Therefore, the situation that two of the four brake axles 
failing at the same time will not be considered in the safe braking model failure case study. 
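
The relationship between equations (6) and (7), and the worked figures in Sections 3.2 and 4, can be reproduced numerically. The following Python sketch is an added example, not code from the paper: the function names and the Simpson step count are assumptions of this example, and `m` is the lower summation limit of equation (5), i.e. the minimum number of working units.

```python
import math

def reliability(m, n, lam, t):
    """Equation (5): probability that at least m of n identical units,
    each with constant failure rate lam, are still working at time t."""
    p = math.exp(-lam * t)      # unit reliability e^(-lam*t)
    q = -math.expm1(-lam * t)   # unit unreliability, computed without cancellation
    return sum(math.comb(n, k) * p**k * q**(n - k) for k in range(m, n + 1))

def unreliability(m, n, lam, t):
    """1 - R(t), summed directly over the failed states (fewer than m units
    working) so that very small probabilities are not lost to rounding."""
    p = math.exp(-lam * t)
    q = -math.expm1(-lam * t)
    return sum(math.comb(n, k) * p**k * q**(n - k) for k in range(m))

def mtbf_exact(m, n, lam, T, steps=2000):
    """Equation (6): integral of R(t) over (0, T) by composite Simpson's
    rule (steps must be even), divided by 1 - R(T)."""
    h = T / steps
    total = reliability(m, n, lam, 0.0) + reliability(m, n, lam, T)
    for i in range(1, steps):
        total += (4 if i % 2 else 2) * reliability(m, n, lam, i * h)
    return (total * h / 3) / unreliability(m, n, lam, T)

def mtbf_approx(m, n, lam, T):
    """Equation (7): the numerator of equation (6) replaced by T."""
    return T / unreliability(m, n, lam, T)

def approximation_error(m, n, lam, T):
    """Relative amount by which equation (7) overstates equation (6)."""
    exact = mtbf_exact(m, n, lam, T)
    return (mtbf_approx(m, n, lam, T) - exact) / exact

if __name__ == "__main__":
    cases = [  # (label, m, n, lam per hour, T hours), values taken from the paper
        ("1-out-of-2, 1 month", 1, 2, 1e-5, 720),
        ("1-out-of-2, 3 months", 1, 2, 1e-5, 2160),
        ("3 of 4 brake axles", 3, 4, 4.86e-6, 1215),
        ("2 of 4 brake axles", 2, 4, 4.86e-6, 1215),
    ]
    for label, m, n, lam, T in cases:
        print(f"{label}: eq.(6) {mtbf_exact(m, n, lam, T):,.0f} h, "
              f"eq.(7) {mtbf_approx(m, n, lam, T):,.0f} h, "
              f"overstatement {approximation_error(m, n, lam, T):.2e}")
```

Because R(t) ≤ 1 on (0, T), equation (7) always gives a slightly larger MTBF than equation (6); the gap widens as the product of failure rate and inspection interval grows.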

5. Conclusion and Boundary 

The purpose of this paper is to determine the mathematical relationship between the reliability 
parameter: Mean Time Between Failure (MTBF) or failure rate, and the maintenance interval or 
unattended period of the operation for the k-out-of-n redundant systems. The developed formula 
and methodology in this paper can be utilized in the MTBF approximation practice for the k-out-of-n 
redundant system which is periodically maintained. The approach presented in this paper can 
also be applied in reliability calculations of the systems with the potential dormant failures. As 
described in the paper, the approach introduced in this paper is limited within the application of 
the exponential distribution. 